/**
 * Returns the Kerberos principal of the context's source name, creating it on first use.
 *
 * <p>The principal is built from the string form of {@code gssContext.getSrcName()} and
 * stored in the {@code principal} field, so later calls reuse the same instance.
 *
 * @return the cached or newly created principal
 * @throws IllegalStateException if {@code isEstablished()} reports false, or if the
 *     source name cannot be read from the context
 */
Principal getPrincipal() {
    if (!isEstablished()) {
        throw new IllegalStateException("No established GSSContext to use for the Principal.");
    }
    if (principal != null) {
        return principal;
    }

    final String initiatorName;
    try {
        initiatorName = gssContext.getSrcName().toString();
    } catch (GSSException e) {
        throw new IllegalStateException("Unable to create Principal", e);
    }
    principal = new KerberosPrincipal(initiatorName);
    return principal;
}
/**
 * Records the bound server name, derived from the target name of the GSS context.
 *
 * <p>The target name is split on {@code '/'} and {@code '@'}. When the split yields more
 * than one part the second part is stored, otherwise the whole target name is stored.
 *
 * @throws SaslException if the target name cannot be read from the context
 */
private void storeBoundServerName() throws SaslException {
    final String acceptorName;
    try {
        acceptorName = gssContext.getTargName().toString();
    } catch (GSSException e) {
        throw saslGs2.mechUnableToDetermineBoundServerName(e).toSaslException();
    }

    final String[] pieces = acceptorName.split("[/@]");
    if (pieces.length > 1) {
        boundServerName = pieces[1];
    } else {
        boundServerName = acceptorName;
    }
}
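/**
 * Tries to authenticate a client from a single Base64-encoded GSS token.
 *
 * <p>A fresh acceptor context is created for every call and always disposed before
 * returning. Authentication succeeds only if the context is established by this one
 * token.
 *
 * @param token the Base64-encoded token supplied by the client (untrusted input)
 * @return the client's Kerberos principal, or an empty Optional if the token is
 *     malformed, rejected, or does not establish the context in one step
 */
private Optional<Principal> authenticate(String token) {
    GSSContext context = doAs(loginContext.getSubject(), () -> gssManager.createContext(serverCredential));

    try {
        byte[] inputToken = Base64.getDecoder().decode(token);
        context.acceptSecContext(inputToken, 0, inputToken.length);

        // We can't hold on to the GSS context because HTTP is stateless, so fail
        // if it can't be set up in a single challenge-response cycle
        if (context.isEstablished()) {
            return Optional.of(new KerberosPrincipal(context.getSrcName().toString()));
        }
        // Log only the token length: the token itself is authentication material
        // and should not be written to log files.
        LOG.debug("Failed to establish GSS context for token of length %s", token.length());
    }
    catch (GSSException | IllegalArgumentException e) {
        // IllegalArgumentException covers a token that is not valid Base64 (and a
        // source name KerberosPrincipal rejects); both are client errors and must
        // fail the authentication instead of escaping as an unchecked exception.
        LOG.debug(e, "Authentication failed for token of length %s", token.length());
    }
    finally {
        try {
            context.dispose();
        }
        catch (GSSException ignored) {
            // best-effort cleanup; the authentication result is already decided
        }
    }

    return Optional.empty();
}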
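/**
 * Accepts a Kerberos service ticket while running as the given subject and returns the
 * client principal name carried by the resulting security context.
 *
 * @param subject the subject the acceptance is performed as
 * @param serviceTicket the raw token received from the client
 * @return the client principal name, or {@code null} if the ticket could not be
 *     processed or did not fully establish the context on its own
 * @throws GSSException declared for callers; failures inside the privileged action are
 *     logged and reported as {@code null}
 */
public static String validateSecurityContext(Subject subject, final byte[] serviceTicket) throws GSSException {
    // Accept the context and return the client principal name.
    return Subject.doAs(subject, (PrivilegedAction<String>) () -> {
        GSSContext context = null;
        try {
            // Identify the server that communications are being made to.
            GSSManager manager = GSSManager.getInstance();
            context = manager.createContext((GSSCredential) null);
            context.acceptSecContext(serviceTicket, 0, serviceTicket.length);

            // The source name is only trustworthy once the context is established;
            // a ticket that needs further round trips is treated as a failure.
            if (!context.isEstablished()) {
                return null;
            }
            return context.getSrcName().toString();
        } catch (Exception e) {
            log.error(Util.getMessage("Krb5TokenKerberosContextProcessingException"), e);
            return null;
        } finally {
            // Release the context on every path; it was previously never disposed.
            if (context != null) {
                try {
                    context.dispose();
                } catch (GSSException ignored) {
                    // best-effort cleanup; the result is already decided
                }
            }
        }
    });
}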
// Adds a KerberosPrincipal built from the string form of gssName to the subject's principals.
// NOTE(review): confirm gssName was read from an established context before it is
// attached to the subject as an identity.
subject.getPrincipals().add(new KerberosPrincipal(gssName.toString()));
"provided by the client."); return SecurityUtil.getUserFromPrincipal(gssContext.getSrcName().toString()); } catch (GSSException e) { throw new HttpAuthenticationException("Kerberos authentication failed: ", e);
/**
 * Checks that the authenticated peer may act as the requested authorization ID.
 *
 * <p>The authentication ID is the string form of the context's source name. If no
 * authorization ID was supplied (null or empty), it defaults to the authentication ID.
 * The decision itself is delegated to the callback handler through an
 * {@link AuthorizeCallback}.
 *
 * @throws SaslException if the peer name cannot be determined or the callback reports
 *     that the peer is not authorized
 */
private void checkAuthorizationID() throws SaslException {
    final String peerName;
    try {
        peerName = gssContext.getSrcName().toString();
    } catch (GSSException e) {
        throw saslGs2.mechUnableToDeterminePeerName(e).toSaslException();
    }

    // Traced before defaulting, so the log shows the authorization ID as requested.
    saslGs2.tracef("checking if [%s] is authorized to act as [%s]...", peerName, authorizationID);

    final boolean noRequestedId = authorizationID == null || authorizationID.isEmpty();
    if (noRequestedId) {
        authorizationID = peerName;
    }

    final AuthorizeCallback decision = new AuthorizeCallback(peerName, authorizationID);
    handleCallbacks(decision);
    if (decision.isAuthorized()) {
        saslGs2.trace("authorization id check successful");
        return;
    }
    throw saslGs2.mechAuthorizationFailed(peerName, authorizationID).toSaslException();
}
log.trace("SPNEGO in progress"); } else { String clientPrincipal = gssContext.getSrcName().toString(); KerberosName kerberosName = new KerberosName(clientPrincipal); String userName = kerberosName.getShortName();
// Returns the context's source name after passing it through getPrincipalWithoutRealmAndHost.
// NOTE(review): presumably this drops the realm and host parts; if so, principals from
// different realms can map to the same value — verify against the helper and its callers.
return getPrincipalWithoutRealmAndHost(gssContext.getSrcName().toString());
// Sets the connection factory principal to a NamePrincipal holding the string form of
// the Kerberos GSS credential's name.
dataSourceConfiguration.connectionPoolConfiguration().connectionFactoryConfiguration().principal(new NamePrincipal(kerberosCredential.getGssCredential().getName().toString()));
// String form of srcName, kept as the client name.
// NOTE(review): this string normally still carries the realm — confirm how it is compared downstream.
String clientName = srcName.toString();
/**
 * Returns the string form of the source name of the given GSS context.
 *
 * @param context the context to read the source name from
 * @return the source name as a string
 * @throws RuntimeException wrapping the {@link GSSException} if the name cannot be read
 */
public static String getSourcePrinciple(GSSContext context) {
    final String initiatorName;
    try {
        initiatorName = context.getSrcName().toString();
    } catch (GSSException e) {
        throw new RuntimeException(e);
    }
    return initiatorName;
}
/**
 * Derives a user name from the source name of the given GSS context.
 *
 * <p>Everything before the first {@code '@'} is returned; a name without {@code '@'} is
 * returned unchanged.
 *
 * <p>NOTE(review): the part after {@code '@'} is discarded, so names that differ only
 * there yield the same user name — confirm callers accept a single trusted realm.
 *
 * @param gssContext the context to read the source name from
 * @return the source name truncated at the first {@code '@'}
 * @throws RuntimeException wrapping the {@link GSSException} if the name cannot be read
 */
private String toUserName(GSSContext gssContext) {
    final String fullName;
    try {
        fullName = gssContext.getSrcName().toString();
    } catch (GSSException x) {
        throw new RuntimeException(x);
    }
    final int realmSeparator = fullName.indexOf('@');
    return realmSeparator < 0 ? fullName : fullName.substring(0, realmSeparator);
}
String targetName = gssContext.getTargName().toString(); String[] targetNameParts = targetName.split("[/@]"); boundServerName = targetNameParts.length > 1 ? targetNameParts[1] : targetName; authenticationId = gssContext.getSrcName().toString(); } catch (GSSException e) { throw saslGssapi.mechUnableToDeterminePeerName(e).toSaslException();
// Takes the text after the first '@' of the context's source name as the role.
// NOTE(review): when the name contains no '@', indexOf returns -1 and substring(0)
// yields the whole name, so the full principal name becomes the role — confirm that
// case is rejected before the role is used for any access decision.
String clientName = gContext.getSrcName().toString(); String role = clientName.substring(clientName.indexOf('@') + 1);
/**
 * Reads the source name of a GSS context and returns it as a string.
 *
 * @param context the context whose source name is wanted
 * @return the string form of the source name
 * @throws RuntimeException with the {@link GSSException} as cause if the lookup fails
 */
public static String getSourcePrinciple(GSSContext context) {
    String sourceName;
    try {
        sourceName = context.getSrcName().toString();
    } catch (GSSException cause) {
        throw new RuntimeException(cause);
    }
    return sourceName;
}
/**
 * Lazily creates and returns the principal for the context's source name.
 *
 * <p>On the first call the string form of {@code gssContext.getSrcName()} is wrapped in
 * a {@link KerberosPrincipal} and stored in the {@code principal} field; later calls
 * return that stored value.
 *
 * @return the principal for the context's source name
 * @throws IllegalStateException if {@code isEstablished()} is false, or if reading the
 *     source name fails
 */
Principal getPrincipal() {
    final boolean established = isEstablished();
    if (!established) {
        throw new IllegalStateException("No established GSSContext to use for the Principal.");
    }

    if (principal == null) {
        final String sourceName;
        try {
            sourceName = gssContext.getSrcName().toString();
        } catch (GSSException e) {
            throw new IllegalStateException("Unable to create Principal", e);
        }
        principal = new KerberosPrincipal(sourceName);
    }
    return principal;
}
/**
 * Stores the server name taken from the GSS context's target name.
 *
 * <p>The target name is split on {@code '/'} and {@code '@'}; the second part is used
 * when there is one, otherwise the unsplit target name is used.
 *
 * @throws SaslException if the context cannot supply its target name
 */
private void storeBoundServerName() throws SaslException {
    final String fullTargetName;
    try {
        fullTargetName = gssContext.getTargName().toString();
    } catch (GSSException e) {
        throw saslGs2.mechUnableToDetermineBoundServerName(e).toSaslException();
    }

    final String[] segments = fullTargetName.split("[/@]");
    final boolean hasSecondSegment = segments.length > 1;
    boundServerName = hasSecondSegment ? segments[1] : fullTargetName;
}
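/**
 * Accepts the captured token with a fresh acceptor context and returns the source
 * name of that context as a string.
 *
 * @return the string form of the context's source name
 * @throws GSSException if the token is rejected, does not fully establish the context
 *     on its own, or the context cannot be disposed
 */
public String run() throws GSSException {
    final GSSContext serverCtx = manager.createContext((GSSCredential) null);
    try {
        serverCtx.acceptSecContext(token, 0, token.length);
        // Only read the source name from a fully established context.
        if (!serverCtx.isEstablished()) {
            throw new GSSException(GSSException.NO_CONTEXT);
        }
        return serverCtx.getSrcName().toString();
    } finally {
        // Dispose on every path; previously a failed accept left the context undisposed.
        serverCtx.dispose();
    }
}
});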
/**
 * Derives {@code boundServerName} from the target name of the GSS context.
 *
 * <p>After splitting the target name on {@code '/'} and {@code '@'}, the second part is
 * kept if the split produced more than one part; otherwise the full target name is kept.
 *
 * @throws SaslException if the target name cannot be obtained from the context
 */
private void storeBoundServerName() throws SaslException {
    String serverTarget;
    try {
        serverTarget = gssContext.getTargName().toString();
    } catch (GSSException e) {
        throw saslGs2.mechUnableToDetermineBoundServerName(e).toSaslException();
    }

    String[] components = serverTarget.split("[/@]");
    if (components.length <= 1) {
        boundServerName = serverTarget;
        return;
    }
    boundServerName = components[1];
}